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(57) The present invention provides a method of 
providing secure communication of digital data between 
devices, said method comprising the steps of commu- 
nicating from one device an identifier of a device to an 
independent security module and performing device 
validation depending on the identity of the received iden- 
tifier 
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Description 

[0001] The present invention relates to a method of 
and apparatus for providing secure communication of 
digital data between devices. More specifically, the 
present invention relates to preventing illegal copying 
and redistribution of digitally recorded data. 
[0002] The introduction of digital technology in the au- 
diovisual field has brought considerable advantages to 
the consumer in comparison with analog technologies, 
notably in relation to the quality of reproduction of sound 
and image and the durability of the supporting medium. 
The compact disk has all but replaced traditional vinyl 
records and a similar trend is expected with the intro- 
duction of new digital products aimed at the multimedia 
and home entertainment markets generally, notably the 
DVD (digital video disk or digital versatile disk) players. 
[0003] A particular problem associated with digitally 
recorded data lies in its ease of reproduction and the 
possibilities for piracy that arise therefrom. A single dig- 
ital recording may be used to make any number of per- 
fect copies without any degradation in quality of the 
sound or image. This problem is a serious one, particu- 
larly with the advent of recordable digital products such 
as the minidisk or DAT, and the reluctance of entertain- 
ment companies to license copyright works whilst this 
problem remains has acted as a break on the introduc- 
tion into the market of new media products. 
[0004] At present, the most practically available solu- 
tion against unauthorised reproduction of copyright 
works has been a legal one, and a number of countries 
in Europe and elsewhere have introduced anti-piracy 
legislation to combat the increasing number of pirate 
films, CDs etc being brought onto the market. For obvi- 
ous reasons, a legal solution is less than optimal from 
the point of view of preventative action. 
[0005] Technological solutions proposed to date to 
prevent the unauthorised copying and distribution of dig- 
itally recorded data have been extremely basic, relying 
for example on the idea of using some form of digital " 
handshake 1 between devices in the digital audiovisual 
systeru for example, between the digital data, or DVD : 
player and the digital recorder, and between the DVD 
player and the digital television, so as to verify the origin 
of the device receiving the data from the DVD player. 
Such protection is, however, effective against only the 
most low level of copying activity, since the handshake 
signal is typically not protected in any way and may be 
easily read and reproduced so as to convert, lor exam- 
ple, an unauthorised recorder device into an apparently 
authorised recorder device. 

[0006] The aim of the present invention is to over- 
come the disadvantages associated with the prior art 
techniques and to provide a technological solution 
against the unauthorised copying and reproduction of 
digitally recorded copyright works. 
[0007] In a first aspect, the present invention provides 
a method of providing secure communication of digital 



data between devices, said method comprising the 
steps of communicating from one device an identifier of 
a device to an independent security module and per- 
forming device validation depending on the identity of 
5 the communicated identifier. 

[0008] In such a method, a independent security mod- 
ule is used to validate a device in, for example, a digital 
audiovisual system. For example, in a system in which 
data is communicated from a DVD player to a digital re- 
io corder s the user of the system might possess an appro- 
priate smartcard for validating the recorder and/or the 
player before any data is transferred. Thus, by using a 
security module to validate devices, an extra level of se- 
curity can be added to the system. 
[0009] Indeed, the use of an independent security 
module can lead to a highly personalized digital audio- 
visual system. For instance, the security module may 
enable data to be transferred from a DVD player to a 
digital television only if both the player and television are 
validated by the security module, thus enabling the dig- 
ital data to be viewed only on the user's personal tele- 
vision. 

[0010] The use of a security module to validate linked 
devices also provides an advantage in that device vali- 
dation can become independent of the link between the 
devices. Thus, if the communication link is intercepted 
by a third party, the identifiers of the devices cannot be 
obtained as they are not passed between the devices 
but from the individual devices to a security module. 
[0011] Such security modules can take any conven- 
ient form depending on the physical size and character- 
istics of the modules. For example, the security module 
may be detachable, for example removably insertable 
into a socket provided in the device or a separate mod- 
ule connected to the device. In some cases a smart card 
equivalent to a bank card may be used (as or as part of 
the security module), but other formats, such as PCM- 
CIA type cards, are equally possible. Thus, the security 
module may be easily replaced in order to update the 
rights provided by the security module, for example to 
invalidate certain devices in the event of the system pro- 
vider becoming aware of cloning of those devices. 
[001 2] The device identifier may take any convenient 
form. For example, the identifier may be a public key 
associated with the device. 

[001 3] The security module may perform device vali- 
dation by comparing the communicated identifier with at 
least one stored identifier. The stored identifiers may be 
stored in a memory of the security module. The identi- 
fiers may be stored in the form of a list, the received 
identifier being compared with the identifiers in the list 
in order to validate the device. This can provide for fast 
and efficient validation of the device. 
[0014] Each stored identifier may be associated with 
a respective one of a valid device or an invalid device. 
Upon receipt of the identifier, the security module may 
compare the received identifier with stored identifiers 
associated with invalid devices, and/or with stored iden- 



20 



25 



30 



35 



40 



45 



SO 



2 



3 



EP 1 045 585 A1 



4 



tifiers associated with valid devices. 
[0015] Thus, the security module may contain at least 
one ot a "revocation list' for blacklisting non-compliant 
devices and an 'authorization lis!' for restricting transfer 
of data to between pre-registered devices only. Device 
identifiers intentionally published by third parties, for ex- 
ample, on the Internet, can be added to the revocation 
list when periodically updating the security module in or- 
der to prevent data from being transferred to or from 
these devices. However, the use of an authorization list 
can also prevent device identifiers intentionally pub- 
lished on the Internet from working since these identifi- 
ers will not be valid anywhere except in, for example, a 
home network. 

[0016] The authorization list is therefore likely to be 
much shorter than the revocation list, thus saving mem- 
ory capacity, and is likely to require less-lrequent updat- 
ing. Thus, in a second aspect the present invention pro- 
vides a method of providing secure communication of 
digital data between devices, said method comprising 
the steps of comparing an identifier communicated from 
one device with at least one stored identifier, each 
stored identifier being associated with a respective valid 
device, and validating the device if the communicated 
identifier is identical to the or one of the stored identifi- 
ers. 

[0017] It is preferable that said at least one stored 
identifier is stored in an independent security module. 
[0018] The communicated identifier may be com- 
pared with identifiers associated with valid devices ac- 
cording to the setting of a flag. The flag may be stored 
within the security module or may be transmitted to the 
security module by the device. 
[0019] For example, the security module may com- 
pare the received identifier with stored identifiers asso- 
ciated with invalid devices when the flag has a first set- 
ting, and compare the received identifier with stored 
identifiers associated with valid devices when the flag 
has a second setting. 

[0020] The flag may be set according to rights provid- 
ed to the user. For example, the flag may take the first 
setting for a shop wherein a number of different devices 
are used, the setting of the flag being such that the re- 
ceived identifier is compared with stored identifiers as- 
sociated with invalid devices only. The flag may take the 
second setting for a home user wherein only a small 
number of devices are used, the setting of the flag being 
such that the received identifier is compared with stored 
identifiers associated with valid devices only. 
[0021] In one embodiment, the security module may 
compare the received identifier with stored identifiers 
associated with invalid devices when the flag has a set- 
ting "0", and compare the received identifier with both 
stored identifiers associated with invalid devices and 
stored identifiers associated with valid devices when the 
flag has a setting "1". 

[0022] In a preferred embodiment of the invention, 
certificates are passed between the device and the se- 



curity module to validate the device. 
[0023] The use of a certificate system to validate a 
device can provide for secure transmission of the iden- 
tifier from the device to the security module. Thus, the 

5 identifier of the device may be communicated to the se- 
curity module in an encrypted certificate, and so prob- 
lems associated with the transmission of identifiers of 
devices "in the clear" can be avoided. 
[0024] The certificate may be signed, for example, us- 

10 ing a private key. such as a private key of the manufac- 
turer of the device, to enable the authenticity of the com- 
municated certificate to be verified. Thus, if the security 
module determines that the data contained in the certif- 
icate and its signature do not correlate, the certificate 

15 can be rejected. 

[0025] An equivalent key to the private key may be 
communicated to the security module in a certificate en- 
crypted by a system private key, a system public key 
being stored in both the security module and the device. 

20 [0026] The encrypted certificate is preferably further 
encrypted by the device using a security module public 
key and communicated to the security module. The en- 
crypted certificate may be subsequently decrypted by 
the security module first using a security module private 

25 key and secondly using said equivalent key to enable 
the identifier of the device to be extracted from the de- 
crypted certificate. 

[0027] The public key of the security module may be 
communicated by the security modulo to the device in 

30 a certificate. The certificate including the public key of 
the security module may be encrypted using a private 
key, for example, of the manufacturer of the security 
module. This certificate may also be signed using the 
private key to enable the authenticity of the communi- 

35 cated certificate to be verified. An equivalent key to the 
private key may be communicated to the device in a cer- 
tificate encrypted by the system private key, the system 
public key being stored in both the security module and 
the device. 

40 [0028] The certificate containing the device identifier 
may be randomised by the device prior to encryption, 
the randomisation being reversed by the security mod- 
ule following decryption of the certificate. This can in- 
crease the security of the passing of the device identifier 

45 from the device to the security module. 

[0029] In addition to verifying a device, the security 
module may transfer information to a device in order, for 
example, to enable the device to process digital data 
received from another device. Thus, it is preferable to 

50 create a secure communication channel between the 
device and the security module. 
[0030] In one preferred embodiment of the present in- 
vention, a random number is generated by the device, 
the random number and the certificate containing the 

55 device identifier being encrypted by the device using a 
public key of the security module and communicated to 
the security module. The encrypted random number and 
certificate may be decrypted by the security module us- 
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ing a private key of the security module to obtain the 
random number and to enable the identifier of the device 
to be extracted from the decrypted certificate. 
[0031] The extracted random number may subse- 
quently be stored in the security module such that data 
communicated between the security module and the de- 
vice may thereafter be encrypted and decrypted by the 
random number in the security module and the device, 
thereby providing a secure communication link between 
the device and the security module. 
[0032] Thus, in a third aspect the present invention 
provides a method of providing secure communication 
of digital data between a device and a security module, 
said method comprising the steps of transferring to the 
security module a random number and an identifier of 
the device encrypted by a public key of the security mod- 
ule, the security module decrypting the random number 
and device identifier using a private key of the security 
module, validating the device using the device identifier 
and, upon validation ol the device, using the random 
number to encrypt and decrypt data communicated be- 
tween the security module and the device. 
[0033] Preferably, the device identifier is included in 
a certificate, the certificate being encrypted using the 
public key of the security module. 
[0034] The random number may be randomised by 
the device prior to encryption, the randomisation being 
reversed by the security module following decryption of 
the random number. 

[0035] Alternatively, the random number and the cer- 
tificate containing the device identifier may be ran- 
domised by the device prior to encryption, the randomi- 
sation being reversed by the security module following 
decryption of the random number and certificate. 
[0036] In order to increase the security of the commu- 
nication link between the device and the security mod- 
ule: the security module may communicate to the device 
a random key generated in the security module and en- 
crypted using the random number, the device decrypting 
the key using the random number and thereafter using 
the key to encrypt data sent to the security module. 
[0037] In addition to validating a device and for secure 
communication of data between the device and the se- 
curity module, the security module may be adapted to 
provide access rights to data received by the device. 
[0038] For example, the device may communicate to 
the security module an encrypted Entitlement Control 
Message (ECM) containing a control word for descram- 
bling data, the device further encrypting the encrypted 
ECM using the key. Thus, ECMs transmitted between a 
device and a security module are encrypted twice, one 
of the encryption keys being generated by the security 
module and therefore unique to the device and the se- 
curity module. This can provide significant improve- 
ments in the prevention of illegal copying and redistri- 
bution of ECMs. 

[0039] The security module may decrypt the encrypt- 
ed ECM, extract the control word from the ECM and 



communicate to the device the control word encrypted 
using the key 

[0040] This can enable a device such as a digital tel- 
evision to descramble scrambled data received from a 

5 DVD player. Moreover, the control word may always be 
passed to the device in encrypted form, the encryption 
being conducted using a key previously transmitted to 
the device following validation of the device. Therefore, 
the storage of additional public/private keys for encrypt- 

10 ing and decrypting the control words, or personalization 
of the device to the security module (or vice versa) is 
not required. 

[0041] Alternatively, the device may communicate to 
the security module an encrypted extended Entitlement 

is Control Message (XECM) containing extended Control. 
Management Information (XCMI), or access rights, to 
data, the device further encrypting the encrypted XECM 
using the key. The security module may decrypt the en- 
crypted XECM, modify the access rights contained in 

20 the XECM, encrypt the modified XECM and communi- 
cate to the device the encrypted modified XECM further 
encrypted using the key. 

[0042] Thus, the security module may modify access 
rights afforded to the device by an XECM. For example, 

25 if the device is a digital recorder device, these rights may 
include the prohibition of any subsequent re-recording 
of the stored data, the number of times which the stored 
data may be replayed, the expiry date of replay etc. 
[0043] In order to enable the devices to function more 

30 effectively it is desired to provide a securised or encrypt- 
ed communication link between the devices. The imple- 
mentation of a secure link between the devices can be 
used to enable information needed to prepare or play a 
recording to be passed freely between the devices. Un- 

3S fortunately the independence of activities between a 
manufacturer of a DVD player and a manufacturer of 
recording equipment responsible for the recorder may 
lead to a number of problems regarding the provision of 
encryption keys for this purpose. 

40 [0044] For example, a player manufacturer may not 
place sufficient confidence in the integrity of security at 
the manufacturing site of a recorder to entrust the man- 
ufacturer with, for example, a secret symmetric algo- 
rithm key needed by the recorder to decrypt communi- 

45 cations encrypted using the equivalent key held by the 
DVD player. 

[0045] Furthermore, the separation of activities may 
make it impractical to envisage a situation in which the 
recorder is sent to a broadcast system manager for per- 
50 sonalisation with the appropriate keys. For this reason, 
it is necessary to envisage a solution which allows the 
greatest independence of operation for the player and 
recorder. 

[0046] In order to solve such problems, in a preferred 
55 embodiment of the present invention, data is communi- 
cated between first and second devices, and upon val- 
idation of each device by the security module, the secu- 
rity module communicates to the first device a random 
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key generated in the security module and encrypted us- 
ing the random number generated by the first device, 
the first device decrypting the key using the random 
number generated thereby, and communicates to the 
second device the key encrypted using the random 
number generated by the second device, the second de- 
vice decrypting the key using the random number gen- 
erated thereby, the key thereafter being used to encrypt 
data communicated to the security module by the devic- 
es and data communicated between the devices. 
[0047] Accordingly in a fourth aspect the present in- 
vention provides a method of providing secure commu- 
nication of digital data between devices : said method 
comprising the step of providing a security module, gen- 
erating a random key (SK) in the security module and 
encrypting data communicated between the devices us- 
ing the random key 

[0048] By this method, the generation of an encryp- 
tion key for securing communication between the devic- 
es is performed by a security module in communication 
with the devices, and so key generation is performed 
independently of the devices. 
[0049] Such a method can provide a secure, flexible 
and upgradeable device interface-independent system 
for providing secure communication of digital data be- 
tween devices. The system can be based on a smart- 
card for generating the session key, and therefore can 
be cheap and enable fast action against piracy by the 
ease of providing updated smartcards, particularly as 
the responsibility of updating security can be the respon- 
sibility of a dedicated smartcard provider and not the de- 
vice manufacturers. 

[0050] The security module may communicate to 
each device the key encrypted using a random number 
generated by that device, the device decrypting the key 
using the random number 

[0051] Each device may communicate to the security 
module the respective random number encrypted using 
a public key ol the security module. The encrypted ran- 
dom number may be subsequently decrypted by the se- 
curity module using a private key of the security module 
to obtain the random number. Each random number 
may be randomised by the respective device prior to en- 
cryption, the randomisation being reversed by the secu- 
rity module following decryption of the random number. 
Preferably, the security module validates each device 
before transmitting the key to each device. To enable 
such validation to be performed, each device preferably 
communicates an identifier thereof to the security mod- 
ule for validation ol the device by the security module. 
[0052] The key may be periodically changed by the 
security module. The key may be updated, for example, 
on an hourly basis, or after a predetermined number of 
data packets are passed between the devices. This can 
provide further security to the data communication. Al- 
ternatively, the key may be randomly changed by the 
security module, for example, upon switching the device 
on, disc insertion, zapping of the device by the user, es- 



tablishment of a connection with the security module 
etc. 

[0053] A preferred embodiment of the present inven- 
tion is applied to a home network system, the devices 
s corresponding to first and second consumer electronic 
devices adapted to transfer data therebetween via a 
communication link. The communication link between 
the two devices may take one of many forms, for exam- 
ple, a radio, telephone or infra-red link. However, pref- 
ix erably, the communication link is implemented by con- 
nection of the first and second devices on a bus, tor ex- 
ample, a IEEE 1394 bus link. 
[0054] The first device may communicate to the sec- 
ond device scrambled audio and/or visual data and an 
J5 encrypted Entitlement Control Message (ECM) contain- 
ing a control word for descrambling the data, said data 
and said encrypted ECM being encrypted by the first de- 
vice using the key. 

[0055] The second device may decrypt the data and 
20 the encrypted ECM using the key, separate the encrypt- 
ed ECM from the data, and communicate to the security 
module the encrypted ECM re-encrypted using the key. 
The security module may decrypt the encrypted ECM, 
extract the control word from the ECM and communicate 
25 to the second device the control word encrypted using 
the key. In this embodiment, the first device may be a 
DVD player and the second device may be a digital tel- 
evision. 

[0056] Furthermore, the security module may modify 
30 the ECM and communicate to the second device the 
modified ECM encrypted using the key. In this embodi- 
ment, the first device may be a DVD player and the sec- 
ond device may be a digital recorder device. 
[0057] In a fifth aspect the present invention provides 
35 apparatus for providing secure communication of digital 
data between devices, said apparatus comprising a se- 
curity module comprising means for receiving an iden- 
tifier of a device and means for performing device vali- 
dation depending on the identity of the received identi- 
40 tier. 

[0058] In a related aspect the present invention pro- 
vides a security module for providing secure communi- 
cation of digital data between devices and arranged to 
receive an identifier of a device and to perform device 
45 validation depending on the identity of the received iden- 
tifier. 

[0059] In a sixth aspect the present invention provides 
apparatus for providing secure communication of digital 
data between devices, said apparatus comprising 

so means for storing at least one identifier, each stored 
identifier being associated with a respective valid de- 
vice, means for comparing an identifier of a device with 
said at least one stored identifier, and means for validat- 
ing the device if the identifier of the device is identical 

55 to the or one of the stored identifiers. 

[0060] In a related aspect the present invention pro- 
vides a security module for providing secure communi- 
cation of digital data between devices and arranged to 
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store at least one identifier, each stored identifier being 
associated with a respective valid device, to compare 
an identifier of a device with said at least one stored 
identifier, and to validate the device if the identifier of the 
device is identical to the or one of the stored identifiers. 5 
[0061] In a seventh aspect the present invention pro- 
vides a system for providing secure communication of 
data between a device and a security module, said de- 
vice comprising means for communicating to the secu- 
rity module a random number and an identifier of the J0 
device encrypted by a public key of the security module, 
the security module comprising means for decrypting 
the random number and device identifier using a private 
key of the security module, means for validating the de- 
vice using the device identifier, and means for using the 1* 
random number to encrypt and decrypt data communi- 
cated between the security module and the device. 
[0062] In a related aspect the present invention pro- 
vides a security module arranged to receive a random 
number and an identifier of a device encrypted by a pub- 20 
lie key of the security module, decrypt the random 
number and device identifier using a private key of the 
security module, validate the device using the device 
identifier, and, upon validation of the device, use the ran- 
dom number to encrypt and decrypt data communicated 25 
between the security module and the device 
[0063] In an eighth aspect the present invention pro- 
vides apparatus for providing secure communication of 
digital data between devices, said apparatus comprising 
the devices and a security module comprising means 30 
for generating a random key and means for communi- 
cating the random key to the devices, each device being 
arranged to encrypt data communicated between the 
devices using the random key. 

[0064] In a related aspect the present invention pro- 35 
vides a security module for providing secure communi- 
cation of digital data between devices and arranged to 
generate a random key (SK) for encrypting data com- 
municated between the devices and to communicate 
the random key to the devices. 40 
[0065] Whilst the invention has been described with 
reference to a first and second device, it will be appre- 
ciated that the same principle may be used to set up a 
chain of communication between a series of such de- 
vices. 45 
[0066] Suitable algorithms for use in this invention for 
generating private/public keys may include RSA, Fiat- 
Shamir, or Diffie-Hellman, and suitable symmetric key 
algorithms may include DES type algorithms, for exam- 
ple. However, unless obligatory in view of the context or so 
unless otherwise specified, no general distinction is 
made between keys associated with symmetric algo- 
rithms and those associated with public/private algo- 
rithms. 

[0067] The terms "scrambled" and "encrypted", and 55 
"control word" and "key" have been used at various 
parts in the text for the purpose of clarity of language. 
However, it will be understood that no fundamental dis- 



tinction is to be made between "scrambled data" and 
•encrypted data" or between a "control word' and a 
"key". 

[0068] Additionally, the terms "encrypted" and 
"signed", and "decrypted" and "verified" have been used 
at various parts in the text for the purpose of clarity of 
language. However, it will be understood that no funda- 
mental distinction is to be made between "encrypted da- 
ta" and "signed data", and "decrypted data" and "verified 
data". 

[0069] Similarly, the term "equivalent key" is used to 
refer to a key adapted to decrypt data encrypted by a 
first mentioned key, or vice versa. 
[0070] Features described above relating to method 
aspects of the present invention can also be applied to. 
apparatus aspects, and vice versa. 
[0071] Preferred features of the present invention will 
now be described, by way of example only, with refer- 
ence to the accompanying drawings, in which: 

Figure 1 shows the elements of a digital audiovisual 
system; 

Figure 2 shows the distribution of certificates in a 
digital audiovisual system; 

Figure 3 shows the connection of a security module 
to a device; 

Figure 4 shows the connection of a security module 
to two devices; 

Figure 5 shows the steps associated with the vali- 
dation of a device by the security module and sub- 
sequently providing secure communication be- 
tween the device and the security module; 

Figure 6 shows the steps associated with the gen- 
eration of a secure channel of communication be- 
tween a device and a security module; 

Figure 7 illustrates the descrambling of data re- 
ceived by a device; 

Figure 8 shows the steps associated with the pro- 
vision of secure communication between two devic- 
es; 

Figure 9 shows the transfer of data between two de- 
vices over a secure communication link; 

[0072] Figure 1 0 shows the steps associated with the 
setting up of a secure communication link between a 
DVD player and a digital television and the subsequent 
operations carried out to descramble data received from 
the DVD player by the digital television; and 
[0073] Figure 1 1 shows the steps associated with the 
setting up of a secure communication link between a 
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DVD player and a digital recorder and the subsequent 
operations carried out to descramble data received from 
the DVD player by the digital recorder. 
[0074] Referring to Figure 1 , elements of a digital au- 
diovisual system 10 for recordal and replaying of digital 
data will first be described. Whilst the invention will be 
discussed in relation to the playing of audiovisual data 
on a DVD player, it may also conveniently be applied ; 
for example, to the playing of exclusive audio informa- 
tion subsequently recorded on a DAT or minidisc record- 
er or even to the communication of software recorded 
on the hard disc of a computer. 
[0075] Typically the audiovisual system comprises a 
DVD player 1 2 for the playback of digital audiovisual da- 
ta stored, for example, on disk or tape. The DVD player 
is linked to a digital display 1 4 for the display of the data 
played by the DVD player 12. The display 14 is prefer- 
ably provided in the form of a digital television. The com- 
munication link 16 between the player 12 and display 
14 may take many forms, for example, a radio, tele- 
phone or infra-red link. However, preferably, the com- 
munication link is implemented by connection of the 
player and television on a bus : for example, a IEEE 1 394 
bus link. 

[0076] The system additionally includes a digital re- 
corder 18, such as a DVHS or DVD recorder, adapted 
to communicate with the DVD player 12, for example : 
via an IEEE 1394 bus 20. The recorder 18 receives a 
digital recording support (not shown) on which informa- 
tion is recorded. The recorder 18 includes a direct link 
22 to the display 14. However, digital audiovisual data 
may be passed from the player 12 to the recorder 18 
prior to display. 

[0077] Whilst the elements of player 12, display 14 
and recorder 18 have been indicated separately it is 
conceivable that some or all of these elements may be 
merged, for example, to provide a combined player/tel- 
evision set. 

[0078] In order to provide secure communication of 
data between devices in the digital audiovisual system, 
for example, to prevent the unauthorised copying and 
distribution of digitally recorded data, a validation sys- 
tem is used to validate one or more of the devices in the 
audiovisual system prior to any communication of data 
between the devices. 

[0079] A preferred device validation system is based 
on the transfer of certificates between a device and a 
security module. With reference to Figure 2, each device 
and security module is assigned a unique certificate for 
validation purposes. 

[0080] In a first stage of a certificate distribution sys- 
tem a certification authority (CA) 50 delivers encrypted 
certificates to both consumer electronics (CE) manufac- 
turers 52 and security providers (SP) 54. 
[0081] The CA 50 communicates to each CE manu- 
facturer 52 a respective encrypted certificate Cert^ 
(CEman_Kpub) shown at 56. This certificate contains, 
inter alia, a manufacturer public key CEman_Kpub and 



is encrypted by a system, or CA, private key CA_Kpri. 
To enable the contents of the certificate to be decrypted 
by the CE manufacturer 52, the CA 50 communicates 
to the CE manufacturer 52 the CA public key CA_Kpub. 
s It should be mentioned that the private key CA_Kpri is 
unique to and held exclusively by the CA 50. 
[0082] In a similar manner, the CA 50 communicates 
to each security provider 54 a respective encrypted cer- 
tificate Certc A (SP _Kpub) shown at 58. This certificate 
io contains, inter alia, a security provider public key 
SP_Kpub and is encrypted by the CA private key 
CA_Kpri. To enable the contents of the certificate to be 
decrypted by the security provider 54, the CA 50 com- 
municates to the security provider 54 the CA public key 
is CA_Kpub. 

[0083] In a second stage of the certificate distribution 
system, each consumer electronics (CE) manufacturer 
52 and security provider (SP) 54 assigns respective cer- 
tificates to its own products. 
[0084] Each CE manufacturer 52 assigns to each of 
its CE devices 60 a respective encrypted certificate 
Cert CEman( Dev ' ce - K P ub ) sn o wn at 62. This certificate 
contains, inter alia, a unique device public key 
Device_Kpub, together with an indication of the device 
capability (recorder, player, etc.). The certificate is en- 
crypted by an equivalent key to the public key 
CEman_Kpub. To enable the contents of the certificate 
to be decrypted, the CE manufacturer 52 stores in the 
CE device the CA public key CA_Kpub and the encrypt- 
ed certificate Cert CA (CEman_Kpub) of the CE manufac- 
turer 52. Thus, the public key Device_Kpub of the CE 
device 60 can serve as an identifier of the device. 
[0085] Similarly, each security provider 54 assigns to 
each security module 64 a respective encrypted certifi- 
cate Cert SP (SM_Kpub) shown at 66. Such security mod- 
ules 66 can take any convenient form depending on the 
physical size and characteristics of the modules. For ex- 
ample, the security module may be removably inserta- 
ble into a socket provided in a CE device 60 or may be 
a separate module connected to the device 60. In some 
cases a smart card equivalent to a bank card may be 
used, but other formats such as PCMCIA type cards are 
equally possible. 

[0086] The encrypted certificate assigned to the se- 
curity module 64 contains, inter alia, a unique security 
module public key SM^Kpub. The certificate is encrypt- 
ed by an equivalent key to the public key SP_Kpub. To 
enable the contents of the certificate to be decrypted, 
the security provider 54 stores in the security module 64 
the CA public key CA_Kpub and the encrypted certifi- 
cate Cert^SP^pub) of the security provider. Thus, 
the public key SM_Kpub of the security module 64 can 
serve as an identifier of the security module. 
[0087] A signature may be included in any of the 
above certificates to enable the contents of the certifi- 
cate to be verified following decryption of the certificate. 
The contents of the certificate may be signed using the 
key used to encrypt the certificate. 
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[0088] Validation of a device in the digital audiovisual 
system is carried out by the exchange of certificates be- 
tween the device and a security module. As shown in 
Figure 3, in a first embodiment the security module 64 
is connected to the device 60 via a communication link 
70 to enable the security module to validate that device 
only. However, as shown in Figure 4, the security mod- 
ule may alternatively be connected to two or more con- 
nected devices 60a, 60b via respective communication 
links 70a, 70b. 

[0089] Validation of a single device by a security mod- 
ule will now be described with reference to Figure 5. 
[0090] The validation procedure can be initiated at 
any time, for example, upon switching the device oa 
disc insertion, zapping of the device by the user, estab- 
lishment of connection with the security module etc. 
[0091] The validation procedure is initiated by the se- 
curity module. As shown at 100, the security module 64 
communicates to the device 60 the encrypted certificate 
Cert CA (SP_Kpub) of the security provider 54. At 102, 
the device decrypts the contents of the encrypted cer- 
tificate Cert^SP^Kpub) using the public key CA_Kpub 
of the CA 50 to enable the public key SP_Kpub of the 
security provider 54 to be extracted from the certificate. 
[0092] Following communication of the encrypted cer- 
tificate Certc A (SP_Kpub) to the device 60, at 104 the 
security module 64 communicates its own unique en- 
crypted certificate Cert SP (SM_Kpub) to the device 60. 
At 1 06 the device decrypts the contents of the encrypted 
certificate Cert SP (SM_Kpub) using the public key 
SP_Kpub of the security provider previously extracted 
by the device 60 from the encrypted certificate Certc A 
(SP_Kpub) in order to enable the public key SM_Kpub 
of the security module 64 to be extracted from the cer- 
tificate. 

[0093] At 1 08, the device 60 communicates to the se- 
curity module 64 the encrypted certificate Cert^ 
(CEman_Kpub) of the CE manufacturer 52. At 110, the 
security module 64 decrypts the encrypted certificate 
Cert CA (CEman_Kpub) using the public key CA_Kpub of 
the CA 50 to enable the public key CEman _Kpub of the 
CE manufacturer 52 to be extracted from the certificate. 
[0094] Following communication of the encrypted cer- 
tificate Cert^CEman.Kpub) to the security module 64. 
at 1 1 2 the device 60 generates a random number X. The 
random number X performs no function in the validation 
of the device by the security module. Instead, the ran- 
dom number X is used to generate a secure authenti- 
cated channel (SAC) between the device 60 and the se- 
curity module 64. This is described in more detail below. 
[0095] At 114 the device 60 performs bit shuffling of 
random number X and the encrypted certificate Cert^. 
man (Device_Kpub) stored in the device 60 in order to 
scramble the random number X and encrypted certifi- 
cate Certc^anfDevice.Kpub). The bit shuffled random 
number X and encrypted certificate Cert^^ 
(Device_Kpub) are subsequently encrypted at 116 us- 
ing the public key SM_Kpub of the security module 64 



previously communicated to the device 60 by the secu- 
rity module at step 104, and communicates the encrypt- 
ed bit shuffled random number and encrypted certificate 
Certc Eman (Device_Kpub) to the security module 64 at 
5 step 118. 

[0098] At 1 20, the security module 64 decrypts the en- 
crypted bit shuffled random number and encrypted cer- 
tificate CertcEn^fDevice.Kpub) using an equivalent 
key SM_Kpriv to the public key SM_Kpub. The bit shuf- 
J0 fling of the shuffled random number and encrypted cer- 
tificate Cert CEman (Device_Kpub) is reversed at step 
122. 

[0097] An algorithm used to bit shuffle the random 
number X and encrypted certificate Certc Eman 
15 (Device_Kpub) may be stored in the security module 64 
to enable the bit shuffling to be reversed. Alternatively, 
the security module 64 may send to the device 60 a ran- 
dom number, referred to as a random challenge, Z, fol- 
lowing receipt of the encrypted certificate Cert^ 
(CEman _Kpub). The random challenge Z is bit shuffled 
by the device 60, encrypted using the security module 
public key SM_Kpub and transmitted to the security 
module, preferably at the same time as the bit shuffled 
random number X and encrypted certificate Cert^^ 
(Device_Kpub). The security module 64 decrypts the 
encrypted shuffled random challenge Z and compares 
the bit shuffled random challenge with the unshuffled 
random challenge stored therein in order to determine 
how the random challenge Z has been shuffled by the 
device 60. The security module 64 uses the result of this 
challenge to reverse the bit shuffling applied to the ran- 
dom number X and encrypted certificate Cert^A 
(CEman _Kpub) by the device. 
[0098] Returning to Figure 5, the random number is 
extracted and stored by the security module 64 at step 
124. At 126, the security module 64 decrypts the en- 
crypted certificate Cert CEman (Device_Kpub) using the 
public key CEman_Kpubof the CE manufacturer 52 pre- 
viously transmitted to the security module 64 by the de- 
vice 60 in order to enable the public key Device_Kpub 
of the device 60 to be extracted from the certificate. 
[0099] Validation of the device 60 is carried out by the 
security module 64 using the public key Device_Kpub 
of the device 60 at step 128. The security module com- 
pares the received device public key Device_Kpub with 
a list of device public keys previously stored in the se- 
curity module. The list of device public keys may be gen- 
erated by the CA 50 and stored, for example : in memory, 
such as non-volatile memory, in the security module 64 
by the security provider 54. 

[0100] The security module 64 supports two types of 
list. A "revocation list" contains device public keys as- 
sociated with invalid devices and is used to blacklist 
non-compliant devices. An "authorization list" contains 
device public keys associated with valid devices and is 
used to restrict transfer of data to between pre-regis- 
tered devices only. 

[0101] Device identifiers intentionally published by 
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third parties, for example, on the Internet, can be added 
to the revocation list by the CA 50 when periodically up- 
dating the security module 64 in order to prevent data 
from being transferred to or from these devices or clones 
of these devices. However, the use of an authorization 
list can also prevent device identifiers intentionally pub- 
lished on the Internet from working since these identifi- 
ers will not be valid anywhere except in, for example, a 
home network. 

[0102] A flag embedded within the encrypted device 
certificate or the encrypted security module certificate 
determines the list with which the received device public 
key is compared. For example, the security module may 
compare the received device public key with stored pub- 
lic keys associated with invalid devices when the flag 
has a setting "0", and compare the received device pub- 
lic key with both stored public keys associated with 
invalid devices and stored public keys associated with 
valid devices when the flag has a setting T. 
[0103] If the device 60 is determined to be an invalid 
device, the security module 64 terminates communica- 
tion with the device 60. If, as shown in Figure 4, the se- 
curity module is in communication with other devices, 
communication with those devices is also terminated. 
[01 04] If the device is determined to be a valid device, 
the security module 64 generates a secure authenticat- 
ed channel (SAC) of communication between the device 
60 and the security module 64. Figure 6 shows the steps 
associated with the generation of a secure authenticat- 
ed channel of communication between a device and a 
security module. 

[0105] In step 200 the security module 64 generates 
a random session key SK. The random session key SK 
is TDES encrypted at step 202 by the security module 
64 using the random number X transmitted to the secu- 
rity module 64 by the device 60. The encrypted session 
key TDES X (SK) is transmitted to the device 60 at step 
204. 

[0106] At step 206, the device 60 decrypts the en- 
crypted session key TDES X (SK) using the random 
number X and stores the session key SK in memory at 
step 208. The session key SK is thereafter used to en- 
crypt data transferred between the device 60 and the 
security module 64. 

[0107] Thus, following validation of the device, key 
distribution is undertaken by the security module in or- 
der to create a secure channel of communication be- 
tween the device and the security module. Updating of 
the session key (SK) can also be initiated at any time, 
for example, upon switching the device on, disc inser- 
tion, zapping of the device by the user, establishment of 
connection with the security module etc. 
[0108] With reference to Figure 1 , the DVD player 12 
typically transmits scrambled data to the display 14 and 
recorder 18. The steps associated with the descram- 
bling of data received by a device will now be described 
with reference to Figure 7, 

[0109] A DVD disk typically stores encrypted Entitle- 



ment Control Messages (ECMs) together with the 
scrambled audio and/or visual data. An ECM is a mes- 
sage related to the scrambled audio and/or visual data. 
The message contains a control word (which allows for 

s the descrambling of the data) and the access criteria of 
the data. The access criteria and control word are trans- 
mitted by the DVD player 12 to, for example, display 14 
via the communication link 16. 
[011 0] The data stored on the disk typically comprises 

w a number of distinct components; for example a televi- 
sion programme includes a video component, an audio 
component, a sub-title component and so on. Each of 
these components is individually scrambled and en- 
crypted. In respect of each scrambled component of the 

15 data, a separate ECM is required. Alternatively, a single 
. ECM may be required for all of the scrambled compo- 
nents of a service 

[0111] The control word typically changes every few 
seconds, and so ECMs are also periodically inserted in 

20 the data to enable the changing control word to be de- 
scrambled. For redundancy purposes, each ECM typi- 
cally includes two control words; the present control 
word and the next control word. 
[0112] Upon receipt of scrambled data and an en- 

25 crypted ECM from the DVD player 12, the display 14 
extracts the ECM from the scrambled data and passes 
the extracted ECM to descrambling circuitry for decrypt- 
ing the ECM and extracting the control word from the 
decrypted ECM. 

30 [0113] The descrambling circuitry may be implement- 
ed in a detachable conditional access module 40 or 
CAM, commonly embodied in the form of a PCMCIA, or 
PC, card insertable in a socket in the recipient device. 
Alternatively, the CAM 40 may be physically separate 

35 from the recipient device, the CAM 40 and display 14 
being communicably linked by any suitable communica- 
tion link 42, for example via a serial or parallel interface. 
[0114] The CAM 40 may itself further include a slot to 
receive a smart card. In such systems, the smartcard 

40 controls whether the end user has the right to decrypt 
the ECM and to access the programme. If the end user 
does have the rights, the ECM is decrypted by a proc- 
essor 41 within the smart card and the control word ex- 
tracted. The processor 41 of the CAM 40 may then de- 

45 scramble the scrambled data to supply the recipient de- 
vice with a clear data stream for, for example, decom- 
pression and subsequent display. Alternatively, the de- 
scrambling of the data may be carried out within the dis- 
play 14 using the control word information communicat- 

50 ed to the display 1 4 from the CAM 40. 

[0115] In the case where scrambled data is commu- 
nicated from the DVD player 12 to the digital recorder 
1 8 for subsequent viewing, the manufacturer of the DVD 
disk may wish to restrict access to the recorded data. 

55 For example, the disk manufacturer may wish to prohibit 
any further copying of the recorded data. In such situa- 
tions, the access rights, or extended Control Manage- 
ment Information (XCMI), are contained is an extended 
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Entitlement Control Message (XECM) which includes 
any access rights as determined by the disk manufac- 
turer. Upon receipt ol the XECM, the processor 41 of the 
CAM 40 decrypts the XECM, modifies the XECM, for 
example to prohibit any copying of the recorded data, 
re-encrypts the ECM and passes the modified, re-en- 
crypted ECM back to the recorder device. 
[0116] In this type of system, sensitive data (control 
words, modified XECMs or descrambled data) may be 
passed between the CAM and the display 1 4 or recorder 
18 and problems of security may arise at this interface. 
To overcome such problems, prior to communication of 
any data, for example, an ECM from the display 14 to 
the smartcard, a secure authenticated channel (SAC) 
42 is created, as described above with reference to Fig- 
ures 5 and 6, between the display 14 and the CAM 40. 
In order to create the SAC 42 between the display 14 
and the CAM 40, the CAM 40 must store, for example 
in the smartcard, the list of device public keys in order 
to validate the display 14. 

[0117] As shown in Figure 4, the security module may 
be connected to two or more connected devices 60a ; 
60b via respective communication links 70a, 70b. As 
well as validating both of these devices, each device be- 
ing validated as described in Figure 5, the security mod- 
ule can create a secure communication channel be- 
tween the devices. Figure 8 shows the steps associated 
with the provision of secure communication between 
two devices. 

[0118] The provision of secure communication be- 
tween device A 60a and device B 60b is carried out after 
both of the devices 60a, 60b have been validated by the 
security module. With reference to Figure 8, at step 300 
the security module 64 generates a random session key 
SK. The random session key SK is encrypted at step 
302 by the security module 64 using the random number 
X transmitted to the security module 64 by the device A 
60a during validation of the device. The encryption is 
preferably conducted using a symmetric algorithm, such 
as Triple DES (TDES). 

[0119] The encrypted session key TDES X (SK) is 
transmitted to the device A 60a at step 304. 
[01 20] At step 306, the device A 60a decrypts the en- 
crypted session key TDES X (SK) using the random 
number X and stores the session key SK in memory. 
[0121] At step 308, the random session key SK is ad- 
ditionally TDES encrypted by the security module 64 us- 
ing random number Y transmitted to the security module 
64 by the device B 60b during validation of the device. 
The encrypted session key TDESy(SK) is transmitted to 
the device B 60b at step 310. At step 312, the device B 
60b decrypts the encrypted session key TDES X (SK) us- 
ing the random number Y and stores the session key 
SK in memory. 

[0122] Thus, the session key SK is transmitted to 
each device over a respective SAC. The session key SK 
can then be used by, for example, device A 60a to en- 
crypt data transmitted to device B 60b via communica- 



tion link 75. 

[0123] With reference to Figure 9, at step 400, device 
60a encrypts data D using the session key SK. The en- 
cryption algorithm used in a symmetric algorithm, such 

5 as Triple DES (TDES) algorithm or such like. 

[0124] The encrypted data TDES SK (D) is transmitted 
to device 60b via communication link 75 at step 402. At 
step 404, device B 60b decrypts the encrypted data 
TDES SK (D) using the session key SK to obtain the data 

io D. 

[0125] As discussed above, there is no generation of 
session keys by any of the devices; session keys are 
generated only by the security module. Therefore, the 
above method provides a very simple but yet secure 

J5 method of providing secure communication between 
devices, as the data transmitted by one device can only 
be decrypted by a device which has established a se- 
cure authenticated channel with the same security mod- 
ule as that one device. 

20 [0126] As discussed with reference to Figure 7. in ad- 
dition to carrying out validation of devices and the cre- 
ation of SACs, the security module may transmit control 
words, access rights and/or scrambled data to a device. 
Figures 1 0 and 1 1 illustrate examples in which a security 

25 module sets up a secure communication link between 
two devices and subsequently transmits data associat- 
ed with scrambled data to a device. 
[0127] Figure 10 shows, in a first example, the steps 
associated with the setting up of a secure communica- 

30 tion link between a DVD player and a digital television 
and the subsequent operations carried out to descram- 
ble data received from the DVD player by the digital tel- 
evision. 

[01 28] In step 500, the security module 64 determines 
35 the validity of each of the DVD player 1 2 and the digital 
TV 14, using steps as described above with reference 
to Figure 5. If the two devices are determined to be valid, 
the security module 64 establishes secure authenticat- 
ed channels (SACs) with the DVD player 1 2 and the dig- 
40 rial TV, using the steps as described above with refer- 
ence to Figure 6. As a result of establishing the SACs, 
a session key SK is stored in each of the devices and 
in the security module. 

[0129] In step 502, data comprising Control System 
<5 Scrambled (CSS) data and proprietary encrypted ECMs 
containing control words for descrambling the data are 
encrypted by the DVD player 12 using the session key 
SK and transmitted to the digital TV via the communi- 
cation link 16. 

50 [0130] The encrypted data is received by the digital 
TV 14 in step 504 and decrypted using the session key 
SK. The scrambled data is passed to a demultiplexer 90 
which, in step 506, separates the CSS data from the en- 
crypted ECMs. The encrypted ECMs are passed over 

55 the SAC by the digital TV 14 to the security module 64 
in step 508. For transfer to the security module 64 over 
the SAC, the encrypted ECMs are further encrypted by 
the digital TV 14 using the session key SK generated by 
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the security module 64. 

[0131] As shown in Figure 10, the security module is 
notionally divided into a standardized security part 66 
and a proprietary security part 68. The twice-encrypted 
ECMs are received at the standardized security part 66 
in step 510 and decrypted once using the session key 
SK. In step 512, the proprietary encrypted ECMs are 
passed to the proprietary security part 68 which, in step 
514, decrypts and validates the encrypted ECMs using 
an equivalent key to the proprietor's key used to encrypt 
the ECMs : and processes the ECM, if authorised, to ex- 
tract the control words, or CSS keys, Irom the ECM. 
[0132] In step 516, the CSS keys are passed to the 
standardized security part 66 which encrypts the CSS 
keys using the session key SK and passes the encrypt- 
ed CSS keys to the digital TV 14 over the SAC. The re- 
ceived encrypted CSS keys are decrypted by the digital 
TV 14 using the session key at step 518 and subse- 
quently passed to a descrambler 92 for use in descram- 
bling the CSS data. At 520, the descrambled data is 
transmitted to display 94 for display. 
[0133] As will be readily understood from the above, 
control words are always encrypted using the session 
key SK before being transmitted between any of the de- 
vices and the security module. 
[0134] In the above example, the control words are 
contained in ECMs. However, the ECMs may be con- 
tained in XECMs together with XCMI, or access rights, 
which are processed by the proprietary security part 68, 
for example, to determine whether the user's rights to 
view the data have expired. 
[0135] Figure 11 shows, in the second example, the 
steps associated with the setting up of a secure com- 
munication link between a DVD player and a digital re- 
corder and the subsequent operations carried out to de- 
scramble data received from the DVD player by the dig- 
ital recorder. 

[0136] In step 600, the security module 64 determines 
the validity of each ol the DVD player 12 and the digital 
recorder 18, using steps as described above with refer- 
ence to Figure 5. If the two devices are determined to 
be valid, the security module 64 establishes secure au- 
thenticated channels (SACs) with the DVD player 12 
and the digital recorder 18, using the steps as described 
above with reference to Figure 6. As a result of estab- 
lishing the SACs, a session key SK is stored in each of 
the devices and in the security module. 
[0137] In step 602, data comprising Control System 
Scrambled (CSS) data and proprietary encrypted XEC- 
Ms containing control words for descrambling the data 
and XCMI are encrypted by the DVD player 12 using the 
session key SK and transmitted to the recorder via the 
communication link 20. 

[01 38] The encrypted data is received by the recorder 
1 8 in step 604 and decrypted using the session key SK. 
The scrambled data is passed to a demultiplexer 90 
which, in step 606, separates the CSS data from the en- 
crypted XECMs. The encrypted XECMs are passed 



over the SAC by the recorder 18 to the security module 
64 in step 608. For transfer to the security module 64 
over the SAC . the encrypted XECMs are further en- 
crypted by the recorder 18 using the session key SK 
s generated by the security module 64. 

[0139] As shown in Figure 11 , the security module is 
notionally divided into a standardized security part 66 
and a proprietary security part 68. The twice-encrypted 
XECMs are received at the standardized security part 
66 in step 610 and decrypted once using the session 
key SK. In step 512, the proprietary encrypted XECMs 
are passed to the proprietary security part 68 which, in 
step 614, decrypts and validates the encrypted XECMs 
using an equivalent key to the proprietor's key used to 
encrypt the XECMs, and processes the XECMs, if au- 
thorised, to update the XCMI, for example, to limit the 
number of times which the user may replay the data, to 
prohibit any further re-recording of the data etc. 
[0140] In step 616, the modified XECMs are encrypt- 
ed using a proprietary algorithm PA and a user key 96 
stored in the security module 68. This adds security to 
the data recorded by the recorder 18; the control words 
for descrambling the CSS data can only be extracted 
from the modified XECM if the user has access to the 
user key. Thus, playback and viewing of the recorded 
data is restricted to the holder of the security module. 
[0141] In step 618, the encrypted XECMs are passed 
to the standardized security part 66 which further en- 
crypts the encrypted XECMs using the session key SK 
and passes the encrypted XECMs to the recorder over 
the SAC. The received encrypted XECMs are decrypted 
once by the recorder using the session key at step 620 
and subsequently passed to a recording medium 98, 
such as DAT tape, for storing the CSS data and the en- 
crypted XECMs. 

[0142] It will be understood that the present invention 
has been described above purely by way of example, 
and modifications of detail can be made within the scope 
of the invention. 

[0143] For example, whilst the above examples have 
described the provision of a communication link be- 
tween devices using an IEEE 1 394 digital interface, uni- 
directional links such as 8-VSB and 16-VSB may also 
be used. 

[0144] It is not essential for a device to pass certifi- 
cates directly to a security module. For example, where 
a first device is unable to receive data from a security 
module, the first device may pass its certificates to a 
second device in two-way communication with the se- 
curity module for validation of the first device. 
[0145] In the described examples, only one security 
module is provided. However, different security modules 
may coexist within a network comprised of a number of 
devices connected via various interfaces. 
[01 46] Each feature disclosed in the description, and 
(where appropriate) the claims and drawings may be 
provided independently or in any appropriate combina- 
tion. 
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Claims 

1. A method of providing secure communication of 
digital data between devices, said method compris- 
ing the steps of communicating from one device an 5 
identifier of a device to an independent security 
module and performing device validation depend- 
ing on the identity of the communicated identifier. 

2. A method according toClaim 1 , wherein the security io 
module performs device validation by comparing 

the communicated identifier with at least one stored 
identifier. 

3. A method according to Claim 2 ; wherein each *s 
stored identifier is associated with a respective one 

of a valid device or an invalid device. 

4. A method according to Claim 3, wherein the com- 
municated identifier is compared with stored identi- 20 
fiers associated with invalid devices. 

5. A method according to Claim 3 or 4, wherein the 
communicated identifier is compared with stored 
identifiers associated with valid devices. 25 

6. A method of providing secure communication of 
digital data between devices, said method compris- 
ing the steps of comparing an identifier communi- 
cated from one device with at least one stored iden- 30 
tifier, each stored identifier being associated with a 
respective valid device, and validating the device if 

the communicated identifier is identical to the or one 
of the stored identifiers. 

35 

7. A method according to Claim 6, wherein said at 
least one stored identifier is stored in an independ- 
ent security module. 



13. A method according to Claim 12, wherein an equiv- 
alent key to the private key is communicated to the 
security module in a certificate encrypted by a sys- 
tem private key, a system public key being stored 
in both the security module and the device. 

14! A method according to Claim 1 2 or 1 3, wherein the 
encrypted certificate is further encrypted by the de- 
vice using a security module public key and com- 
municated to the security module. 

15. A method according to Claim 14, wherein the en- 
crypted certificate is decrypted by the security mod- 
ule first using a security module private key and sec- 
ondly using said equivalent key to enable the iden- . 
tifier of the device to be extracted from the decrypt- 
ed certificate. 

16. A method according to Claim 15, wherein the cer- 
tificate containing the device identifier is ran- 
domised by the device prior to encryption, the ran- 
domisation being reversed by the security module 
following decryption of the certificate. 

17. A method according to Claim 12 or 13, wherein a 
random number (X) is generated by the device, the 
random number (X) and the encrypted certificate 
containing the identifier of the device being encrypt- 
ed by the device using a security module public key 
and communicated to the security module. 

18. A method according to Claim 17, wherein the en- 
crypted random number (X) and encrypted certifi- 
cate are decrypted by the security module first using 
a security module private key to obtain the random 
number (X), and secondly using said public key to 
enable the identifier of the device to be extracted by 
the security module. 



8. A method according to Claim 5 or 7, wherein the 40 19. A method according to Claim 18, wherein the ex- 
communicated identifier is compared with stored traded random number (X) is stored in the security 
identifiers associated with valid devices according module such that data communicated between the 
to the setting of a flag. security module to the device may thereafter be en- 
crypted and decrypted by the random number in the 

9. A method according to any of Claims 1 to 6 and 8, 45 security module and the device, 
wherein certificates are passed between the device 

and the security module to validate the device. 20. A method of providing secure communication of 

digital data between a device and a security mod- 

10. A method according to Claim 9, wherein the identi- ule, said method comprising the steps of transfer- 
rer of the device is communicated to the security so ring to the security module a random number and 
module in an encrypted certificate. an identifier of the device encrypted by a public key 

of the security module, the security module decrypt- 

11. A method according to Claim 10, wherein the cer- ing the random number and device identifier using 
tificate is signed to enable the authenticity of the a private key ol the security module, validating the 
communicated certificate to be verified. ss device using the device identifier and, upon valida- 
tion of the device, using the random number to en- 

1 2. A method according to Claim 1 0 or 1 1 , wherein the crypt and decrypt data communicated between the 
certificate is encrypted using a private key. security module and the device. 
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21. A method according to Claim 20, wherein the iden- 
tifier of the device is included in a certificate gener- 
ated by the device, the certificate being encrypted 
using the public key of the security module. 

5 

22. A method according to Claim 20 or 21 , wherein the 
random number is randomised by the device prior 
to encryption, the randomisation being reversed by 
the security module following decryption of the ran- 
dom number. jo 

23. A method according to any of Claims 1 7 to 1 9 or 21 , 
wherein the random number and the certificate con- 
taining the identifier of the device are randomised 

by the device prior to encryption, the randomisation is 
being reversed by the security module following de- 
cryption of the random number and certificate. 

24. A method according to any of Claims 19 to 23, 
wherein the security module communicates to the so 
device a random key (SK) generated in the security 
module and encrypted using the random number 
(X), the device decrypting said key (SK) using the 
random number (X) and thereafter using said key 
(SK) to encrypt data sent to the security module. 25 



generated in the security module and encrypted us- 
ing the random number (X) generated by the first 
device, the first device decrypting said key (SK) us- 
ing the random number (X) generated thereby, and 
communicates to the second device said key (SK) 
encrypted using the random number (Y) generated 
by the second device, the second device decrypting 
said key (SK) using the random number (Y) gener- 
ated thereby, said key (SK) thereafter being used 
to encrypt data communicated between the security 
module and the devices and data communicated 
between the devices. 

30. A method of providing secure communication of 
digital data between devices, said method compris- 
ing the step of providing a security module, gener- 
ating a random key (SK) in the security module and 
encrypting data communicated between the devic- 
es using the random key. 

31 . A method according to Claim 30, wherein the secu- 
rity module communicates to each device the key 
(SK) encrypted using a random number (X) gener- 
ated by that device, the device decrypting the ses- 
sion key (SK) using the random number (X). 



25. A method according to Claim 24, wherein the device 
communicates to the security module an encrypted 
Entitlement Control Message (ECM) containing a 
control word for desc rambling data, the device fur- -30 
ther encrypting the encrypted ECM using said key 
(SK). 

26. A method according to Claim 25, wherein the secu- 
rity module decrypts the encrypted ECM, extracts 35 
the control word from the ECM and communicates 

to the device the control word encrypted using said 
key (SK). 

27. A method according to Claim 24, wherein the device 40 
communicates to the security module an encrypted 
Extended Entitlement Control Message (XECM) 
containing access rights to data, the device further 
encrypting the encrypted XECM using said key 
(SK). 45 

28. A method according to Claim 27, wherein the secu- 
rity module decrypts the encrypted XECM, modifies 
the access rights contained in the XECM, encrypts 
the modified XECM and communicates to the de- so 
vice the encrypted modified XECM further encrypt- 
ed using said key (SK). 

29. A method according to any of Claims 19 to 28, 
wherein data is communicated between first and & 
second devices, and upon validation of each device . 

by the security module, the security module com- 
municates to the first device a random key (SK) 



32. A method according to Claim 31 , wherein each de- 
vice communicates to the security module the re- 
spective random number (X) encrypted using a pub- 
lic key (SM_Kpub) of the security module. 

33. A method according to Claim 32, wherein the en- 
crypted random number (X) is decrypted by the se- 
curity module using a private key (SM_Kpriv) ol the 
security module to obtain the random number (X). 

34. A method according to Claim 33, wherein each ran- 
dom number (X) is randomised by the respective 
device prior to encryption, the randomisation being 

. reversed by the security module following decryp- 
tion of the random number (X). 

35. A method according to any of Claims 30 to 34, 
wherein the security module validates each device 
before communicating said key (SK) to each de- 
vice. 

36. A method according to Claim 35, each device com- 
municates an identifier thereof to the security mod- 
ule for validation of the device by the security mod- 
ule. 

37. A method according to any of Claims 28 to 36, . 
wherein said key (SK) is periodically changed by the 
security module. 

38. A method according to any of Claims 29 to 37 as 
applied to a home network system, the devices cor- 
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responding to first and second consumer electronic 
devices adapted to transfer data therebetween via 
a communication link. 

39. Apparatus for providing secure communication of 
digital data between devices, said apparatus com- 
prising a security module comprising means for re- 
ceiving an identifier of a device and means for per- 
forming device validation depending on the identity 
of the received identifier 

40. A security module for providing secure communica- 
tion of digital data between devices and arranged 
to receive an identifier of a device and to perform 
device validation depending on the identity of the 
received identifier. 



45. Apparatus for providing secure communication of 
digital data between devices, said apparatus com- 
prising the devices and a security module compris- 
ing means for generating a random key and means 
s for communicating the random key to the devices, 
each device being arranged to encrypt data com- 
municated between the devices using the random 
key. 

io 46. A security module for providing secure communica- 
tion of digital data between devices and arranged 
to generate a random key (SK) for encrypting data 
communicated between the devices and to commu- 
nicate the random key to the devices. 

1S 



41. Apparatus for providing secure communication of 
digital data between devices, said apparatus com- 
prising means for storing at least one identifier, each 20 
stored identifier being associated with a respective 
valid device, means for comparing an identifier of a 
device with said at least one stored identifier, and 
means forvalidatingthedevice if the identifier of the 
device is identical to the or one of the stored iden- 2s 
tifiers. 

42. A security module for providing secure communica- 
tion of digital data between devices and arranged 

to store at least one identifier, each stored identifier 30 
being associated with a respective valid device, to 
compare an identifier of a device with said at least 
one stored identifier, and to validate the device if the 
identifier of the device is identical to the or one of 
the stored identifiers. 3S 



43. A system for providing secure communication of da- 
ta between a device and a security module, said de- 
vice comprising means for communicating to the 
security module a random number and an identifier *o 
of the device encrypted by a public key of the secu-. 
rity module, the security module comprising means 
for decrypting the random number and device iden- 
tifier using a private key of the security module, 
means for validating the device using the device 45 
identifier, and means for using the random number 
to encrypt and decrypt data communicated between 
the security module and the device. 



44. A security module arranged to receive a random so 
number and an identifier of a device encrypted by 
a public key of the security module, decrypt the ran- 
dom number and device identifier using a private 
key of the security module, validate the device using 
the device identifier, and, upon validation of the de- ss 
vice, use the random number to encrypt and decrypt 
data communicated between the security module 
and the device 
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1. Claims: 1-5,8-29,37-40,43,44 

Method for providing secure conraunl cation of digital data 
between devices, comprising the steps of communicating from 
one device to an Independent security module a device 
identifier, and performing device validation depending on 
the identity of the communicated identifier. 



2. Claims: 6,7,41,42 

Method for providing secure communication of digital data 
between devices, comprising the steps of communicating from 
one device a device identifier and performing device 
validation depending on the comparlsion of the communicated 
identifier with at least one stored identifier. 



3. Claims: 30-36,45,46 

Method for providing secure communication of digital data 
between devices, wherein the data, communicated between the 
devices, is encrypted by using a random key, generated 1n a 
security module. 
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